A more secure connection to a pdb with the Oracle Wallet

Wallets are cool! Since 9i oracle is pushing us towards services for connecting to a database. Since pdb’s have arrived, you get less and less choice to connect without a service. Recently I discovered passwords stored in environment variables in order to connect to the pdb. A short talk to the author of the script learned me that he just wants to connect to a pdb, so I offered the solution to store the password in the oracle wallet. Here is how I did it on my lab.

Then we can configure the wallet. First step is to create one. This is done by creating a directory and storing the wallet in it. I created the directory /home/oracle/wallet. To create the wallet in this location:

the createCredential option needs 2 things. The tnsnames.ora alias from the pdb and the user you want to connect to that alias. In our case we are connecting to the mypdbsrv entry using the pdbadm user.

So, as you can see, it is fairly easy to get rid of hard coded passwords. Only 2 things to mention.
The wallet uses the tns-alias to store his data. Suppose that you want to store a second user, you need to specify a second tns-alias. Maybe there are workarounds, but I did not find them yet.
Second important thing. Manage your TNS_ADMIN variable. So if you’re not using a default location of sqlnet.ora, make sure tns_admin is pointing to the directory where the sqlnet.ora containing the reference to the wallet directory can be found.